MS&AD Insurance Group Holdings, Inc.
Declaration of Personal Information Protection (Privacy Policy)

 

 

Given the importance of protecting personal information, MS&AD Insurance Group Holdings, Inc. (hereinafter “we”: Click here for company address and name of representative) will strictly adhere to the Act on the Protection of Personal Information (hereinafter “Personal Information Protection Act”) the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (hereinafter “My Number Act”), as well as other laws, regulations and guidelines to properly handle personal information and take appropriate secure management measures.
We will also ensure that personal information is not mishandled, and will properly educate and supervise those who are engaged in business operations, etc. on the appropriate handling of personal information. We will continue to review and improve our handling of personal information and our methods for secure management.

1. Collection/Use of Personal Information

We will obtain and use personal information to the extent necessary for business in a fair and legitimate manner. We may also obtain personal information (excluding individual numbers and specific personal information as specified in 8 below) from phone calls involving questions and consultations, which will be recorded to accurately record their content.

2. Purposes of Use of Personal Information

We will also notify individual respondents of or make public our purposes for using the personal information (excluding individual numbers and specific personal information; See 8 below.) and use it only to the extent necessary to accomplish the following purposes. We will define the purposes of use clearly for respondents to understand and we announce it on a Web site as in the following. We limit the purposes of use to an extent relevant to specific cases where personal information is obtained. In cases where obtained personal information is intended to be used beyond the extent necessary to accomplish the said purposes, we should acquire consent from the relevant individuals to such use unless it meet any item of Article 18, paragraph (3) of the Act on the Protection of Personal Information.

 

< Purposes for Using Personal Information >
· For corporate management of group companies
· For appropriate and smooth performance of transaction with the relevant individual

3. Provision of Personal Data to Third Parties and Obtainment Thereof from Third Parties

(1) We will not offer personal data (excluding individual numbers and specific personal information; See 8 below.) to third parties without prior consent from the relevant individual except for the following cases:

 

(i) When required to do so by laws and regulations;
(ii) When offering the information to consigned companies (including those located overseas), to the extent necessary to achieve the purpose of use and operate our business;
(iii) When offering the information to third parties via procedures based on Article 27, paragraph 2 of the Act on the Protection of Personal Information (i.e. opting out) ;
(iv) When sharing information between our Group companies (please refer to item 6 below).

 

(2) When we have provided personal data to a third party, except when required to do so by laws and regulations, we will record the details about such provision (when, to whom, what personal data, etc.). When we have been provided with personal data by a third party (including when we obtain information relating to an individual specified in 4. below as personal data), we will confirm and record the details about such provision (when, from which party, what personal data, how the third party concerned obtained the personal data in question, etc.).

4. Handling of Information Relating to An Individual

(1)Where a third party is likely to obtain information relating to an individual (i.e., information relating to a living individual, and not corresponding to any of personal information, pseudonymously processed information, or anonymously processed information) as personal data, except in the case where such third party is required to do so by laws and regulations, we will provide the information concerned only after confirming that such third party has gained the consent of the relevant individual to the third party’s obtaining such information.

(2)Where we expect that we will obtain information relating to an individual as personal data, except in the case where we are required to do so by any law and/or regulation, we will gain the consent of the individual concerned to our obtaining such information.

5. Consignment of Personal Data Handling

(1) We may provide a certain portion of obtained personal information (including individual numbers and specific personal information as specified in 8 below) to external third parties (including those located overseas) for consigned operations within the extent necessary to accomplish the purposes of use. According to pre-set criteria for selecting consigned companies, we will check their information management system and conduct other necessary and adequate supervision on the consigned company prior to making an order and trusting personal data to it.
 

(2) When we consign handling of personal data to an overseas external third party, we ensure that we not only carry out the following secure management procedures but also conclude a consignment agreement with said third party which obligates it to implement procedures equivalent to the secure management procedures for personal data required under the Personal Information Protection Act (hereinafter “equivalent procedures”).

① The following items are checked in writing on an annual basis:
a) Status of implementation of equivalent procedures by the consigned third party; and
b) Existence or otherwise of any system in the country where said consigned third party is located which may impact on implementation of equivalent procedures.
② In the event of any hindrance to implementation of equivalent procedures, we will request that the situation be remedied. If it becomes difficult to ensure ongoing implementation of such equivalent procedures, we will discontinue provision of the personal data in question.
③ The consignment agreement provides for such matters as that personal data is to be handled only within the scope of the agreement, that necessary and appropriate secure management procedures are to be implemented, that necessary and appropriate supervision is to be exercised over employees, need for prior approval before subcontracting consigned work, and prohibition of provision of personal data to any third party.
④ Please contact the information desk below for queries regarding consignment of personal data handling to overseas external third parties.

6. Shared Use of Personal Data

(1) For MS&AD Insurance Group Holdings, Inc. (hereinafter, the "Holding Company") to manage the business of the MS&AD Insurance Group companies, MS&AD Insurance Group may share personal data (excluding individual numbers and specific personal information; See 8 below.) between the Holding Company and the MS&AD Insurance Group companies based on the following conditions.

 

① Items of personal data

a) Shareholder information (name, address, number of shares, etc.)
b) Customer information held by the Holding Company or the Group companies (name, address, phone number, email address, gender, date of birth, other information related to customer transactions such as those noted in contract forms or information regarding insured events, etc.).

② Scope of users of shared information and management representative
Users of shared information are domestic and overseas insurance companies, reinsurance companies, and related companies of the MS&AD Insurance Group. (Click here to see the users.) The management representative for the shared use of information will be the Holding Company (Click here for company address and name of representative).

(2) We and other Group companies may share personal data for the purpose of explaining or providing products and services, as well as planning, development and analyzing of new products and services under the following conditions:

① Items of personal data
Name, address, telephone number, e-mail address, gender, date of birth, and other information related to customer transactions such as contract details noted in application forms or information regarding insured events, etc.

② Scope of users of shared information and management representative
Users of shared information are domestic and overseas insurance companies, reinsurance companies, and related companies of the MS&AD Insurance Group. (Click here to see the users.) The management representative for the shared use of information will be the Holding Company (Click here for company address and name of representative).

7. Handling of Sensitive Information

We will not obtain, use, or offer to third parties sensitive information such as 1) any type of information for which special care is required, as stipulated in Article 2 Paragraph 3 of the Personal Information Protection Act, or 2) any personal information relating to matters such as labor union membership, family background, domicile of origin, medical history and sexual orientation, unless otherwise stipulated by the Act on the Protection of Personal Information, other laws, regulations or guidelines.

8. Handling of specific personal information, etc.

We will neither acquire nor use individual numbers or specific personal information as provided for by the My Number Act for any purpose other than those restrictively specified in said Act. We will not provide individual numbers or specific personal information to any third party except in those cases which are restrictively specified in the My Number Act. Furthermore, we will not use individual numbers or specific personal information in a shared manner, as stated in 6 above.

9. Request for Notification, Disclosure, Corrections, Discontinuation of Use, etc.

Please refer to the information desk below for requests for notification, disclosure, corrections, etc. of matters regarding information that we hold under the Act on the Protection of Personal Information (including individual numbers and specific personal information as specified in 8 above) or discontinuation, etc. of their use.
We will reserve the right to verify the identity of the claimant, who will be required to complete the prescribed forms and the application procedure. Requests will be answered at a later date using a method selected in accordance with the claimant’s preference, such as in writing, mailing of external storage media, including CD-ROMs, or electronic mailing. At the time of responding, we will require claimants to pay the standard fees for any requests for disclosure.
If we find that information about the claimant is incorrect, we will correct the information based on the results of our investigation.

10. Summary of Secure Management Procedures for Personal Data

We will make efforts to prevent leakage, damage, or defamation of personal data (including individual numbers and specific personal information as specified in 8 above). It will also ensure adequate security measures such as the maintenance of policies regarding use as well as that of systems in place for secure management procedures.
Please contact the information desk below for queries regarding secure management procedures.
Main details of secure management procedures are as follows:

11. Handling of Pseudonymously Processed Information

(1) Creation of pseudonymously processed information
When creating pseudonymously processed information (information relating to an individual that can be created from processing personal information, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal information), we will observe the following requirements:

① Information shall be processed appropriately in accordance with standards stipulated in laws and regulations.
② Security control action shall be taken in accordance with standards stipulated in laws and regulations so as to prevent leakage of deleted information and information relating to processing methods.
③ No checking against other information shall be carried out to identify the first person relating to personal information used for creation.

 

(2) Purpose of use of pseudonymously processed information
If we have made a change to the purpose of use of pseudonymously processed information, we will define, to the extent possible, the purpose of use after such change and publish same while specifying that it relates to the pseudonymously processed information concerned.

12. Handling of Anonymously Processed Information

(1) Creation of Anonymously Processed Information

When creating anonymously processed information (information relating to an individual that can be created from processing personal information, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal information), we will observe the following requirements:

(i) Information shall be processed appropriately in accordance with standards stipulated in laws and regulations.
(ii) Security control action shall be taken in accordance with standards stipulated in laws and regulations so as to prevent leakage of deleted information and information relating to processing methods.
(iii) Items of information contained in anonymously processed information shall be disclosed to the public.
(iv) No action shall be taken to identify the first person relating to personal information used to create the anonymously processed information concerned.
 

(2) Provision of Anonymously Processed Information

When providing anonymously processed information to a third party, we will disclose to the public the items of information relating to an individual contained in such anonymously processed information as well as the method of provision, and we will state to the third party explicitly to the effect that the information being provided is anonymously processed information.
 

13. Information Desk

We will respond quickly and appropriately to complaints and requests for consultations regarding its handling of personal information (including individual numbers and specific personal information as specified in 8 above). Please contact the desk below for enquiries, disclosure, corrections, etc. regarding the handling of personal information, requests for discontinuation, etc. of use of personal data, and questions about secure management procedures.

< Contact Desk >

MS&AD Insurance Group Holdings, Inc. Data Management Department
Telephone Number: 03-5117-0225

Business Hours: 9:00-17:00 (Monday through Friday)

 

* The office is closed during the year-end and new-year period and public holidays.